In a significant move, major banks in Singapore will phase out one-time passwords (OTPs) for customers who use digital tokens to access their bank accounts. This transition will occur progressively over the next three months, aiming to enhance customer protection against phishing scams, according to an announcement by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) on Tuesday (Jul 9).
Customers using physical tokens will not be affected by this change. The banks involved include DBS, OCBC, and UOB.
The MAS and ABS explained that digital tokens will authenticate customer logins without the need for an OTP, reducing the risk of scammers stealing or tricking customers into revealing their OTPs. They strongly encourage customers who have not yet activated their digital tokens to do so to mitigate the risk of phishing.
OTPs were introduced in the 2000s as a multi-factor authentication method to enhance online security. However, advancements in technology and sophisticated social engineering tactics have made it easier for scammers to obtain customers’ OTPs, often by creating fake bank websites that closely mimic legitimate ones.
The new measure aims to strengthen the authentication process, making it more difficult for scammers to fraudulently access customer accounts and funds without explicit authorization via the customer’s mobile device.
Phishing scams remain a significant concern in Singapore. Last year, police statistics indicated that at least S$14.2 million (US$10.5 million) was lost to such scams.
Ms. Loo Siew Yee, assistant managing director for policy, payments, and financial crime at MAS, stated: “MAS continues to work closely with banks to protect consumers by strongly opposing digital banking scams. This latest measure will complement the good cyber hygiene practices that customers must continue to follow, such as safeguarding their banking credentials.”
ABS director Ong-Ang Ai Boon added: “This measure provides customers with further protection against unauthorized access to their bank accounts. While it may cause some inconvenience, such measures are essential to prevent scams and protect customers.”